Security Challenges of Hypervisors

Let's talk about
characteristics of the hypervisor that facilitate change but that also
introduce a new dimension to security. First of all, in a virtualized
environment we have applications moving from host to host and from physical
systems to virtual systems. And there are service-oriented architectures, where
applications will be moving across multiple servers to perform a business function,
and those can move based on policy. Talk about some of the security challenges
that these things raise for IT managers today.

Yes, there are plenty of security challenges. What they are
going to target is not really the hypervisor, but the [VMware] VMotion tools
used to move applications and actually take advantage of this movement to
attack the server itself.

There are a lot of security risks associated with moving an
application and server from one location to another. One of them is tracking
the system that moved. If you have a firewall in between, and the firewall
prevented some users from accessing this application when you moved the
application, you need to make sure you moved that firewall to the location with
the policy that was on the firewall. So, if you had any external security and
you're moving a VM, you need to make sure that you're moving all the security
with that.

But the mechanisms to move a server and application, because of
the speed requirements, are usually not encrypted. So, if you look at
VMotion, for example, they request that you run it on a closed network, and the
reason is because you're not going to have the time, if you want to do it in a
real-time event, to encrypt and decrypt the information that moved from one
system to another. So ... if somebody got access to this particular network, then
they've got access to all of the VMs, all of the servers.

Those are the challenges: How do you apply security to those
moving parts, and how do you make sure that no one penetrates the VMotion
layers?

You're an advocate for
defense in depth. This is an old concept in IT security. Does this concept of a
layered approach gain any new characteristics in a virtual environment?

It's not that it gains characteristics, it's emphasizing the need
for that. And the reason is, in virtualization, there is no one method that can
feed all. You can't just say, "OK, I've run anti-virus on the VM, and that's
it, I've resolved the issues."

To really understand, take the example of moving an application.
When you move the application, anything that's running with the application
will move with it. But there is nothing that moves at the network level. You
need defense in depth to be able to have something to defend you at the network
level, have a solution to defend you at the host level, and you need more
defense in depth because there are too many moving parts, there are too many
changes that are happening in the infrastructure. If you don't keep track of
them, you're going to eventually have security issues, you're going to have
exposures, you're going to have security risks in your network.

So, when you move a VM from one location to another, if
somebody did that and you don't know who did it and why they did it, it's
possible that this VM that was supposed to be behind a firewall inside the
network got exposed to the external network. You need to make sure that you
have the right tools and the right capabilities to track and monitor those
events.

So, defense in depth in the virtual environment is much more
important than in the physical environment, where a server usually sits static
and doesn't move very rapidly.
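As an added example (not from the interview, and not VMware tooling), here is the kind of check the tracking described above implies, in Python: it audits migration events against a zone policy and flags a VM that landed on a host outside the zone its firewall rules assume, or that was moved by an initiator who is not expected to move VMs. The event line format, host names, zone names and initiator names are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy: zone of each hypervisor host, and the zone each VM must
# stay in because its external firewall rules assume that placement.
HOST_ZONE = {"esx-01": "internal", "esx-02": "internal", "esx-03": "dmz"}
VM_ZONE = {"hr-db": "internal", "web-01": "dmz"}
ALLOWED_MOVERS = {"vc-admin", "drs-scheduler"}  # expected migration initiators

@dataclass
class MigrationEvent:
    vm: str
    src_host: str
    dst_host: str
    user: str

def parse_event(line):
    """Parse one constructed line: 'MIGRATE vm=X src=H1 dst=H2 user=U'."""
    if not line.startswith("MIGRATE "):
        return None  # other event types are not migrations; ignore them
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return MigrationEvent(fields["vm"], fields["src"], fields["dst"], fields["user"])

def check_event(ev):
    """Return policy findings for one migration (empty list means compliant)."""
    findings = []
    required = VM_ZONE.get(ev.vm)
    dst_zone = HOST_ZONE.get(ev.dst_host)
    if required is None:
        findings.append("untracked VM")  # no policy on file, so not provably safe
    elif dst_zone != required:
        findings.append(f"zone change {required}->{dst_zone}")
    if ev.user not in ALLOWED_MOVERS:
        findings.append(f"unexpected initiator {ev.user}")
    return findings

def audit(lines):
    """Return [(vm, findings)] for every migration that violates policy."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is not None and (found := check_event(ev)):
            alerts.append((ev.vm, found))
    return alerts

SAMPLE_LOG = [  # constructed event lines
    "MIGRATE vm=hr-db src=esx-01 dst=esx-02 user=drs-scheduler",
    "MIGRATE vm=hr-db src=esx-02 dst=esx-03 user=jdoe",
    "POWERON vm=web-01 user=vc-admin",
    "MIGRATE vm=test-99 src=esx-01 dst=esx-03 user=vc-admin",
]
```

Calling `audit(SAMPLE_LOG)` reports the second hr-db move (internal to dmz, initiated by an unexpected user) and the move of a VM with no policy on file; the first move stays within the internal zone and is silent.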

Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.